@periko I do this: Add ACL to the squidguard.conf (Diagnostics / Edit File / /usr/local/etc/squidGuard/squidGuard.conf) src admins { ip 192.168.2.0-192.168.2.255 ip 172.16.12.0/255.255.255.0 ip 10.5.3.1/28 } From squid GUI I definied this IP ranges in Unrestricted IPs. This work for me. Thanks !!!

@kom I've configured squid as transparent/ssl proxy server with one bypass for windows updates. SSL/MITM mode: Splice Whitelist, Bump Otherwise. (see attacment) [image: 1629117956946-squid-config_210816-resized.jpg] It was working ok when first installed, then for no apparent reason that I can trace, it just stopped filtering, Should I proceed to clear squid proxy server cache? Do you require any other config/specifics to help diagnose?

Well you could give it a shot, and see if you have any issues reported by clients.. Yeah I went through the whole security thing awhile back, there is a thread around here about it somewhere - wanted to get A+, and discovered that if you only allow for tls 1.3, that ssllabs will only give you a A vs A+ ;) edit: here is that thread https://forum.netgate.com/topic/162125/get-a-on-ssl-labs-test

@viktor_g Thank you for the promp reply, Presently I'm just running Squid - Proxy Service. Unfortuneately, I've removed Squidguard temporarily to avoid issues with Net Users. I normally do diagnostics/net management on Fridays, so I will reinstall/try again and send log at that time, or sooner if possible.

I don't believe you can do that since the front end needs to bind with 'verify required' for everything. See the discussion linked from that article: https://discourse.haproxy.org/t/how-to-set-ssl-verify-client-for-specific-domain-name/1489/3 It may not be something you can do using only the gui options in the pfSense package. You might have to use the custom pass though fields. It's not something I've ever seen done. But if you;re using different front ends I would expect to use the 'SSL Client issued by CA common name:' option. Steve

@lucas-borges remeber that is left alone and click save then you go squidguard and configure to your LDAP config [image: 1627954064491-f74b6bae-57a9-4fab-a1c7-bf85d2dbcc50-image.png]

edit: fixed it had to add another access control list with www pointing to the acl hope this helps someone else

Your phone prob not using your local dns would be my guess.. Make sure you phone is using your dns - and it is no different than any other client on your lan. Prob has doh turned on in whatever browser your using, etc.

@kom Great ideas, will give it a try and report back. Thanks for your help.

Sorry!! I've just figured out that it was necessary to install squid package before lightsquid !! problem solved !!

@sparkman123 said in Problem with dante socks server doing DNS lookups: For me it is not working with any ovpn client in the first place.

@ksoares Were you able to solve this problem? I am going through the same after updating PFSENSE to version 2.5.2

If the normal home use includes anything with a large number of connections which are overwhelming your router than maybe it could be used. You can always set it up for fun/learning and see how it works, you could try setting up a public minecraft server to test it.